Use BasePeCoffLib PeCoffLoaderGetImageInfo() to check the PE/COFF image.

Cc: Jiewen Yao <jiewen....@intel.com>
Cc: Chao Zhang <chao.b.zh...@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Liming Gao <liming....@intel.com>
---
 SecurityPkg/SecurityPkg.dsc                        |  2 ++
 .../SecureBootConfigDxe/SecureBootConfigDxe.inf    |  1 +
 .../SecureBootConfigDxe/SecureBootConfigImpl.c     | 22 ++++++++++++++++++++++
 .../SecureBootConfigDxe/SecureBootConfigImpl.h     |  1 +
 4 files changed, 26 insertions(+)

diff --git a/SecurityPkg/SecurityPkg.dsc b/SecurityPkg/SecurityPkg.dsc
index 1960b52..21cac78 100644
--- a/SecurityPkg/SecurityPkg.dsc
+++ b/SecurityPkg/SecurityPkg.dsc
@@ -34,6 +34,8 @@
   PrintLib|MdePkg/Library/BasePrintLib/BasePrintLib.inf
   
UefiApplicationEntryPoint|MdePkg/Library/UefiApplicationEntryPoint/UefiApplicationEntryPoint.inf
   
PerformanceLib|MdePkg/Library/BasePerformanceLibNull/BasePerformanceLibNull.inf
+  PeCoffLib|MdePkg/Library/BasePeCoffLib/BasePeCoffLib.inf
+  
PeCoffExtraActionLib|MdePkg/Library/BasePeCoffExtraActionLibNull/BasePeCoffExtraActionLibNull.inf
 
   DxeServicesLib|MdePkg/Library/DxeServicesLib/DxeServicesLib.inf
   
UefiDriverEntryPoint|MdePkg/Library/UefiDriverEntryPoint/UefiDriverEntryPoint.inf
diff --git 
a/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDxe.inf 
b/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDxe.inf
index 6b143f5..fa7c39d 100644
--- 
a/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDxe.inf
+++ 
b/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDxe.inf
@@ -58,6 +58,7 @@
   PlatformSecureLib
   DevicePathLib
   FileExplorerLib
+  PeCoffLib
 
 [Guids]
   ## SOMETIMES_CONSUMES      ## Variable:L"CustomMode"
diff --git 
a/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigImpl.c 
b/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigImpl.c
index 3f80441..7eb050f 100644
--- 
a/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigImpl.c
+++ 
b/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigImpl.c
@@ -1625,9 +1625,28 @@ LoadPeImage (
   EFI_IMAGE_DOS_HEADER                  *DosHdr;
   EFI_IMAGE_NT_HEADERS32                *NtHeader32;
   EFI_IMAGE_NT_HEADERS64                *NtHeader64;
+  PE_COFF_LOADER_IMAGE_CONTEXT          ImageContext;
+  EFI_STATUS                            Status;
 
   NtHeader32 = NULL;
   NtHeader64 = NULL;
+
+  ZeroMem (&ImageContext, sizeof (ImageContext));
+  ImageContext.Handle    = (VOID *) mImageBase;
+  ImageContext.ImageRead = (PE_COFF_LOADER_READ_FILE) 
PeCoffLoaderImageReadFromMemory;
+
+  //
+  // Get information about the image being loaded
+  //
+  Status = PeCoffLoaderGetImageInfo (&ImageContext);
+  if (EFI_ERROR (Status)) {
+    //
+    // The information can't be got from the invalid PeImage
+    //
+    DEBUG ((DEBUG_INFO, "SecureBootConfigDxe: PeImage invalid. \n"));
+    return Status;
+  }
+
   //
   // Read the Dos header
   //
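Review bot: The new PeCoffLoaderGetImageInfo() call reads through PeCoffLoaderImageReadFromMemory, which copies from ImageContext.Handle at whatever offset the headers request and does not know how many bytes were actually loaded at mImageBase. For a truncated or malformed file whose header fields point past the end of the buffer, the validation step itself may read out of bounds before it can reject the image. I would pass a module-local read callback that clamps or rejects reads beyond the loaded file size, as sketched below. The size variable is not visible in this hunk; it is written as mImageSize on the assumption that the module tracks it next to mImageBase, and the callback name is only a suggestion. LoadPeImage continues outside the hunk, so whether the size is checked before this point cannot be confirmed from here.

```c
// Bounded replacement for PeCoffLoaderImageReadFromMemory: never read past the loaded file.
EFI_STATUS
EFIAPI
SecureBootConfigImageRead (
  IN     VOID   *FileHandle,
  IN     UINTN  FileOffset,
  IN OUT UINTN  *ReadSize,
  OUT    VOID   *Buffer
  )
{
  if (FileHandle == NULL || ReadSize == NULL || Buffer == NULL) {
    return EFI_INVALID_PARAMETER;
  }

  // Reject offset + size combinations that would wrap.
  if (MAX_ADDRESS - FileOffset < *ReadSize) {
    return EFI_INVALID_PARAMETER;
  }

  // Clamp the request to the bytes that were actually loaded.
  if (FileOffset >= mImageSize) {
    *ReadSize = 0;
  } else if (*ReadSize > mImageSize - FileOffset) {
    *ReadSize = mImageSize - FileOffset;
  }

  CopyMem (Buffer, (UINT8 *) FileHandle + FileOffset, *ReadSize);
  return EFI_SUCCESS;
}

// … unchanged: ZeroMem and ImageContext.Handle setup in LoadPeImage …
  ImageContext.ImageRead = (PE_COFF_LOADER_READ_FILE) SecureBootConfigImageRead;
```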
@@ -1689,6 +1708,9 @@ LoadPeImage (
   Calculate hash of Pe/Coff image based on the authenticode image hashing in
   PE/COFF Specification 8.0 Appendix A
 
+  Notes: PE/COFF image has been checked by BasePeCoffLib 
PeCoffLoaderGetImageInfo() in 
+  the function LoadPeImage ().
+
   @param[in]    HashAlg   Hash algorithm type.
 
   @retval TRUE            Successfully hash image.
diff --git 
a/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigImpl.h 
b/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigImpl.h
index 0a09ab4..5055a9e 100644
--- 
a/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigImpl.h
+++ 
b/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigImpl.h
@@ -40,6 +40,7 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER 
EXPRESS OR IMPLIED.
 #include <Library/PlatformSecureLib.h>
 #include <Library/BaseCryptLib.h>
 #include <Library/FileExplorerLib.h>
+#include <Library/PeCoffLib.h>
 
 #include <Guid/MdeModuleHii.h>
 #include <Guid/AuthenticatedVariableFormat.h>
-- 
2.8.0.windows.1
